Cybercrime concern over patients’ records

editorial image

The records of Southern Health and Social Care Trust patients could potentially be available to criminals on ‘the dark web’ a cyber expert has warned.

In May the services of 45 NHS organisations and GP practises in England and Scotland were disrupted amid a global cyber attack which British security officials said originated in North Korea. The attack did not appear to affect Northern Ireland.

However Johnston Press (The Leader’s parent company) recently put a series of Freedom of Information inquiries on cyber attacks to all health trusts across Northern Ireland, including the Southern Trust, in light of the fact that they hold sensitive data on each of their patients’ medical and social care histories.

The Southern Trust said it “had not had any cyber attacks in the last three years.”

But David Crozier, Head of Strategic Partnerships & Engagement at the Centre for Secure Information Technologies (CSIT) at Queens University Belfast, challenged the confidence of the Trust and said it was feasible that advanced hackers could have taken their data without them knowing.

He stated, “But to what extent do they know? So, yes, if they have had a ransomware attack they will know.

“[But] will they know maybe that there is an APT, an advanced persistent threat, sitting on their network for the past eighteen months exfiltrating [secretly withdrawing] data?

A spokesperson for the Trust said: We take our responsibility for data security, including cyber threat, extremely seriously and we have a range of software in place to detect any threats.

“We record all incidents and near misses and we also commission expertise from external network security companies for services such as penetration testing.”